<?php
class RbacCommand extends CConsoleCommand
{
	private $_authManager;
	
        public function getHelp()
	{
		return <<<EOD
USAGE
            rbac huppeldepup
DESCRIPTION
            This command generates an initial RBAC authorization hierarchy.
EOD;
	}
	/**
	* Execute the action.
	* @param array command line parameters specific for this command
	*/
	public function run($args)
	{
		//ensure that an authManager is defined as this is mandatoryfor creating an auth heirarchy
		if(($this->_authManager=Yii::app()->authManager)===null)
		{
			echo "Error: an authorization manager, named 'authManager'
			must be configured to use this command.\n";
			echo "If you already added 'authManager' component in
			application configuration,\n";
			echo "please quit and re-enter the yiic shell.\n";
			return;
		}
		//provide the oportunity for the use to abort the request
		echo "This command will create three roles: HiO and Beheerder and the following premissions:\n";
		echo "create, read, update and delete Gebruiker\n";
		echo "create, read, update and delete Onderzoek\n";
		echo "create, read, update and delete Stap\n";
                echo "create, read, update and delete Afdeling\n";
                echo "create, read, update and delete Resultaat\n";
		echo "Would you like to continue? [Yes|No] ";
		//check the input from the user and continue if they indicated yes to the above question
		if(!strncasecmp(trim(fgets(STDIN)),'y',1))
		{
		//first we need to remove all operations, roles, child relationship	and assignments
			$this->_authManager->clearAll();
			//create the lowest level operations for gebruikers
			$this->_authManager->createOperation("createGebruiker","create a new user");
			$this->_authManager->createOperation("readGebruiker","read user profile information");
			$this->_authManager->createOperation("updateGebruiker","update a users information");
			$this->_authManager->createOperation("deleteGebruiker","remove a user from a onderzoek");
			//create the lowest level operations for onderzoeken
                            //doema eerst keer normaal en kijk dan of de juiste namen gehanteerd worden via controller rules
                            
                            $this->_authManager->createOperation("createOnderzoek","create a new onderzoek");
                            $this->_authManager->createOperation("readOnderzoek","read public information");
                            $this->_authManager->createOperation("updateOnderzoek","update public information");
                            $this->_authManager->createOperation("deleteOnderzoek","delete a onderzoek"); 
                            /*
                            //public
                            $this->_authManager->createOperation("createPublicOnderzoek","create a new public onderzoek");
                            $this->_authManager->createOperation("readPublicOnderzoek","read public onderzoek information");
                            $this->_authManager->createOperation("updatePublicOnderzoek","update public onderzoek information");
                            $this->_authManager->createOperation("deletePublicOnderzoek","delete a public onderzoek");
                            //private
                            $this->_authManager->createOperation("createPrivateOnderzoek","create a new Private onderzoek");
                            $this->_authManager->createOperation("readPrivateOnderzoek","read Private onderzoek information");
                            $this->_authManager->createOperation("updatePrivateOnderzoek","update Private onderzoek information");
                            $this->_authManager->createOperation("deletePrivateOnderzoek","delete a Private onderzoek");
                             * 
                             */
			//create the lowest level operations for stappen
			$this->_authManager->createOperation("createStap","create a new stap");
			$this->_authManager->createOperation("readStap","read stap information");
			$this->_authManager->createOperation("updateStap","update stap information");
			$this->_authManager->createOperation("deleteStap","delete an stap from a onderzoek");
                        //create the lowest level operations for afdeling
			$this->_authManager->createOperation("createAfdeling","create a new Afdeling");
			$this->_authManager->createOperation("readAfdeling","read Afdeling information");
			$this->_authManager->createOperation("updateAfdeling","update Afdeling information");
			$this->_authManager->createOperation("deleteAfdeling","delete an Afdeling from a onderzoek");
                        //create the lowest level operations for resultaat
			$this->_authManager->createOperation("createResultaat","create a new Resultaat");
			$this->_authManager->createOperation("readResultaat","read Resultaat information");
			$this->_authManager->createOperation("updateResultaat","update Resultaat information");
			$this->_authManager->createOperation("deleteResultaat","delete an Resultaat from a onderzoek");
                        
			//create the hio role and add the appropriate permissions as	children to this role
			$bizRule='return !Yii::app()->user->getState("isAdmin");';
                        $role = $this->_authManager->createRole('hio', 'huisarts in opleiding', $bizRule);
                        //$role=$this->_authManager->createRole("hio");
			$role->addChild("readGebruiker");			
                        //$role->addChild("createPrivateOnderzoek");
			//$role->addChild("updatePrivateOnderzoek");
			//$role->addChild("deletePrivateOnderzoek");
                        $role->addChild("deleteOnderzoek");
                        
			$role->addChild("readStap");
                        $role->addChild("readAfdeling");
                        //$role->addChild("readResultaat"); //uncomment later
			//create the member role, and add the appropriate permissions, as well as the hio role itself, as children
			$bizRule='return Yii::app()->user->getState("isAdmin");';
                        $role=$this->_authManager->createRole('beheerder', 'beheerder', $bizRule);
                        //$role=$this->_authManager->createRole("beheerder");
			$role->addChild("hio");
                        
                        $role->addChild("readResultaat"); //weg later
                        
			$role->addChild("createStap");
			$role->addChild("updateStap");
			$role->addChild("deleteStap");
                        //$role->addChild("createPublicOnderzoek");
			//$role->addChild("updatePublicOnderzoek");
			//$role->addChild("deletePublicOnderzoek");
                        $role->addChild("createOnderzoek");
			$role->addChild("updateOnderzoek");
			$role->addChild("deleteOnderzoek");
                        
                        $role->addChild("createAfdeling");
			$role->addChild("updateAfdeling");
			$role->addChild("deleteAfdeling");
                        $role->addChild("createResultaat");
			$role->addChild("updateResultaat");
			$role->addChild("deleteResultaat");
			echo "Authorization hierarchy successfully generated.";
		}
	}
}
?>